chore: shorten key rotation to 30 days and tf validation checks (#6)

* chore: shorten key rotation to 30 days and checks to 60 days * chore: update rotation to 30 days and checks to 45 days
SPHTech-Platform · May 29, 2024 · 5708bce · 5708bce
1 parent fd6b37c
commit 5708bce
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/iam.tf b/iam.tf
@@ -32,9 +32,8 @@ resource "aws_iam_access_key" "vault_secretsync" {
   }
 }
 
-# Trigger access key rotation every 90 days
 resource "time_rotating" "iam_user_secretsync_access_key" {
-  rotation_days = 90
+  rotation_days = local.iam_key_rotation_days
 }
 
 resource "null_resource" "rotate_access_key" {

diff --git a/locals.tf b/locals.tf
@@ -1,5 +1,7 @@
 locals {
-  age_in_days             = timeadd(plantimestamp(), "-2160h") # 90 days (90*24 hours)
+  # checks for keys older than 30 days
+  age_in_days             = timeadd(plantimestamp(), "-1080h") # 45 days (45*24 hours)
+  iam_key_rotation_days   = 30                                 # rotate key if older than 30 days
   sync_base_path          = "sys/sync/destinations"
   destination_name        = "${var.name}-${var.region}-${random_id.this.hex}"
   delete_sync_destination = alltrue([var.delete_all_secret_associations, var.delete_sync_destination])